<head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<title>Kali Toolbox</title>
<script src="./static/bootstrap.min.js"></script>
<link rel="stylesheet" href="./static/main.css">
<link rel="stylesheet" href="./static/bootstrap.min.css">
<style type="text/css" id="syntaxhighlighteranchor"></style>
</head>
<main class="main-container ng-scope" ng-view="">
<div class="main receptacle post-view ng-scope">
<article class="entry ng-scope" ng-controller="EntryCtrl" ui-lightbox="">
<section class="entry-content ng-binding" ng-bind-html="postContentTrustedHtml">
<section class="l-section"><div class="l-section-h i-cf"><h2>enum4linux Package Description</h2>
<p style="text-align: justify;">A Linux alternative to enum.exe for enumerating data from Windows and Samba hosts.</p>
<p>Overview:</p>
<p>Enum4linux is a tool for enumerating information from Windows and Samba systems. It attempts to offer similar functionality to enum.exe formerly available from www.bindview.com.</p>
<p>It is written in Perl and is basically a wrapper around the Samba tools smbclient, rpcclient, net and nmblookup.</p>
<p>The tool usage can be found below, followed by examples. Previous versions of the tool can be found at the bottom of the page.</p>
<p>Key features:</p>
<ul>
<li>RID cycling (When RestrictAnonymous is set to 1 on Windows 2000)</li>
<li>User listing (When RestrictAnonymous is set to 0 on Windows 2000)</li>
<li>Listing of group membership information</li>
<li>Share enumeration</li>
<li>Detecting if host is in a workgroup or a domain</li>
<li>Identifying the remote operating system</li>
<li>Password policy retrieval (using polenum)</li>
</ul>
<p>Source: https://labs.portcullis.co.uk/tools/enum4linux/<br>
<a href="https://labs.portcullis.co.uk/tools/enum4linux/" variation="deepblue" target="blank">enum4linux Homepage</a> | <a href="http://git.kali.org/gitweb/?p=packages/enum4linux.git;a=summary" variation="deepblue" target="blank">Kali enum4linux Repo</a></p>
<ul>
<li>Author: Mark Lowe</li>
<li>License: GPLv2</li>
</ul>
<h3>Tools Included in the enum4linux Package</h3>
<h5>enum4linux</h5>
<code>root@kali:~# enum4linux -h<br>
enum4linux v0.8.9 (http://labs.portcullis.co.uk/application/enum4linux/)<br>
Copyright (C) 2011 Mark Lowe (mrl@portcullis-security.com)<br>
<br>
Simple wrapper around the tools in the samba package to provide similar<br>
functionality to enum.exe (formerly from www.bindview.com).  Some additional<br>
features such as RID cycling have also been added for convenience.<br>
<br>
Usage: ./enum4linux.pl [options] ip<br>
<br>
Options are (like "enum"):<br>
    -U        get userlist<br>
    -M        get machine list*<br>
    -S        get sharelist<br>
    -P        get password policy information<br>
    -G        get group and member list<br>
    -d        be detailed, applies to -U and -S<br>
    -u user   specify username to use (default "")<br>
    -p pass   specify password to use (default "")<br>
<br>
The following options from enum.exe aren't implemented: -L, -N, -D, -f<br>
<br>
Additional options:<br>
    -a        Do all simple enumeration (-U -S -G -P -r -o -n -i).<br>
              This opion is enabled if you don't provide any other options.<br>
    -h        Display this help message and exit<br>
    -r        enumerate users via RID cycling<br>
    -R range  RID ranges to enumerate (default: 500-550,1000-1050, implies -r)<br>
    -K n      Keep searching RIDs until n consective RIDs don't correspond to<br>
              a username.  Impies RID range ends at 999999. Useful<br>
          against DCs.<br>
    -l        Get some (limited) info via LDAP 389/TCP (for DCs only)<br>
    -s file   brute force guessing for share names<br>
    -k user   User(s) that exists on remote system (default: administrator,guest,krbtgt,domain admins,root,bin,none)<br>
              Used to get sid with "lookupsid known_username"<br>
              Use commas to try several users: "-k admin,user1,user2"<br>
    -o        Get OS information<br>
    -i        Get printer information<br>
    -w wrkg   Specify workgroup manually (usually found automatically)<br>
    -n        Do an nmblookup (similar to nbtstat)<br>
    -v        Verbose.  Shows full commands being run (net, rpcclient, etc.)<br>
<br>
RID cycling should extract a list of users from Windows (or Samba) hosts<br>
which have RestrictAnonymous set to 1 (Windows NT and 2000), or "Network<br>
access: Allow anonymous SID/Name translation" enabled (XP, 2003).<br>
<br>
NB: Samba servers often seem to have RIDs in the range 3000-3050.<br>
<br>
Dependancy info: You will need to have the samba package installed as this<br>
script is basically just a wrapper around rpcclient, net, nmblookup and<br>
smbclient.  Polenum from http://labs.portcullis.co.uk/application/polenum/<br>
is required to get Password Policy info.</code>
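<p>The help text ties user listing and RID cycling to two Windows settings: RestrictAnonymous and "Network access: Allow anonymous SID/Name translation". The following is an added example, not part of enum4linux or the original page, that audits a <code>secedit /export</code> security template for those settings; the sample template is constructed, and the function name and finding wording are assumptions.</p>

```python
import configparser

# Constructed sample of a `secedit /export /cfg` template (real exports are UTF-16).
SAMPLE_INF = r"""
[System Access]
LSAAnonymousNameLookup = 1
[Registry Values]
MACHINE\System\CurrentControlSet\Control\Lsa\RestrictAnonymous=4,1
"""

# configparser lower-cases option names, so the registry path is matched in lower case.
RA_KEY = r"machine\system\currentcontrolset\control\lsa\restrictanonymous"


def audit_anonymous_enumeration(inf_text):
    """Return (setting, value, exposure) tuples for the settings the help text names."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(inf_text)
    findings = []

    # [System Access] holds "Network access: Allow anonymous SID/Name translation".
    lookup = cp.get("System Access", "LSAAnonymousNameLookup", fallback=None)
    if lookup is not None and lookup.strip() == "1":
        findings.append(("LSAAnonymousNameLookup", 1,
                         "anonymous SID/Name translation enabled: RID cycling (-r) works"))

    # [Registry Values] entries are "<type>,<value>"; type 4 is REG_DWORD.
    raw = cp.get("Registry Values", RA_KEY, fallback=None)
    if raw is not None:
        reg_type, _, value = raw.partition(",")
        if reg_type.strip() == "4" and value.strip().isdigit():
            ra = int(value)
            if ra == 0:
                findings.append(("RestrictAnonymous", 0,
                                 "anonymous user listing (-U) works"))
            elif ra == 1:
                findings.append(("RestrictAnonymous", 1,
                                 "RID cycling (-r) works on Windows NT/2000"))
    return findings


if __name__ == "__main__":
    for setting, value, exposure in audit_anonymous_enumeration(SAMPLE_INF):
        print(f"{setting}={value}: {exposure}")
```

<p>An empty result means neither setting in the exported template matches a condition the help text lists.</p>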
<h3>enum4linux Usage Example</h3>
<p>Attempt to get the userlist <b><i>(-U)</i></b> and OS information <b><i>(-o)</i></b> from the target <b><i>(192.168.1.200)</i></b>:</p>
<code>root@kali:~# enum4linux -U -o 192.168.1.200<br>
Starting enum4linux v0.8.9 ( http://labs.portcullis.co.uk/application/enum4linux/ ) on Sun Aug 17 12:17:32 2014<br>
<br>
 ==========================<br>
|    Target Information    |<br>
 ==========================<br>
Target ........... 192.168.1.200<br>
RID Range ........ 500-550,1000-1050<br>
Username ......... ''<br>
Password ......... ''<br>
Known Usernames .. administrator, guest, krbtgt, domain admins, root, bin, none<br>
<br>
<br>
 ======================================================<br>
|    Enumerating Workgroup/Domain on 192.168.1.200   |<br>
 ======================================================<br>
[+] Got domain/workgroup name: KALI</code>
</div></section>
</main></body></html>
